Authentication device for virtual assistant systems

ABSTRACT

Disclosed herein is a virtual assistant system having a biometric authentication device coupled to an electronic voice-based virtual assistant device. The biometric authentication device is configured to authenticate a user based on biometric data of the user to allow the user access to features of the electronic voice-based virtual assistant device.

TECHNICAL FIELD

This application relates generally to the field of virtual assistantsystems, and more particularly to the field of authentication devicesallowing secure access to the virtual assistant systems.

BACKGROUND

Intelligent automated assistants such as virtual assistants is a growingfield of artificial intelligence technology that provide beneficialinterfaces between human users and electronic devices. The virtualassistants allow users to interact with devices or systems using naturallanguage in spoken and/or text forms. A user can provide a spoken inputcontaining a user request to a virtual assistant operating on anelectronic device. The virtual assistant interprets the user's intentfrom the spoken input and operationalizes the user's intent into one ormore tasks. The tasks can then be performed by executing one or moreservices of the electronic device, thereby returning relevant outputresponsive to the user request. The tasks and responsibilities caninclude monitoring calendar tasks, extracting relevant news, makingtravel reservations, or performing financial transactions.

As the prevalence of virtual assistants grows, authentication of usersand system security on the virtual assistants continues to be animportant concern. If a non-authorized person obtains access to avirtual assistant of a user, then the non-authorized person may be ableto obtain sensitive information and privileges associated with the user.After gaining the sensitive information and the privileges of the user,a non-authorized person may attempt to commit fraudulent transactionsusing the sensitive information, change the settings on the virtualassistant, or access network resources. Therefore, there is a need forauthentication systems for the users of the virtual assistants in orderto enhance the security of the virtual assistants.

SUMMARY

Disclosed herein are systems and methods capable of addressing theabove-described shortcomings by preventing unauthorized users access tostand-alone and stationary virtual assistants, and may also provide anynumber of additional or alternative benefits and advantages. Forexample, various embodiments described herein generally relate tomethods and systems that provide an efficient and secure technique forauthentication of a user by multi factor authentication techniquesbefore allowing the user to execute a command using a stand-alone andstationary virtual assistant device. A stand-alone and stationaryvirtual assistant device such as AMAZON™ ALEXA™ may provide acommunication interface to users allowing the users to interact with avirtual assistant program of the stand-alone and stationary virtualassistant device using natural language in spoken and/or text forms.Prior to any interaction with the virtual assistant program, the usermay be required to provide biometric input data to an authenticationdevice coupled with the stand-alone and stationary virtual assistantdevice, which may be used by the authentication device to authenticateidentity of the user, and enabling interaction between the user and thevirtual assistant program of the stand-alone and stationary virtualassistant device only upon successful authentication of the user.

In one embodiment, an authentication device may include a housing, arecess, and a fingerprint reader. The housing may include an outersurface and an inner surface. The housing may further include a topwall, a bottom wall positioned opposite to the top wall, and at leastone lateral wall joined to and disposed between the top wall and thebottom wall. The recess within the housing may open towards the top walland spaced inwardly of the inner surface of the housing. The recess isconfigured to receive an electronic virtual assistant device. Thefingerprint reader is disposed on the outer surface of the housing andis configured to receive a set of purported fingerprint data credentialsof a user for authenticating the user.

In another embodiment, an authentication device may include a housing, arecess, a fingerprint reader, and a power charging adapter. The housingmay include an outer surface and an inner surface. The housing mayfurther include a top wall, a bottom wall positioned opposite to the topwall, and at least one lateral wall joined to and disposed between thetop wall and the bottom wall. The recess within the housing may opentowards the top wall and spaced inwardly of the inner surface of thehousing. The recess is configured to receive an electronic virtualassistant device. The fingerprint reader is disposed on the outersurface of the housing and is configured to receive a set of purportedfingerprint data credentials of a user for authenticating the user. Thepower charging adapter is disposed within the housing. The powercharging adapter may include a charging body coupled to a powerconnector having an elongated shape. The power connector is configuredto receive a corresponding socket of the electronic virtual assistantdevice and the charging body comprising a charging contact enablingpassing through of power charge.

In another embodiment, a virtual assistant system may include anauthentication database configured to store a set of biometriccredentials associated with authorized users. The virtual assistantsystem may further include an authentication device comprising a firsthousing comprising an outer surface and an inner surface and a biometricidentification reader disposed on the outer surface of the firsthousing. The biometric identification reader is configured to receive aset of purported biometric data credentials of a user. The virtualassistant system may further include an authentication server incommunication with the authentication database and the biometricidentification reader via a network, the authentication server receivingan authentication request associated with the user comprising the set ofpurported biometric data credentials of the user from the biometricidentification reader and processing the authentication request todetermine an authentication status of the user. The virtual assistantsystem may further include a stand-alone and stationary electronicvirtual assistant device comprising a second housing, wherein one ormore components associated with the second housing are coupled tocorresponding one or more components associated with the first housingto securely pair the stand-alone and stationary electronic virtualassistant device with the authentication device, the stand-alone andstationary electronic virtual assistant device is configured to receivethe authentication status of the user from the authentication serverupon the authentication server completing the processing of theauthentication request.

In another embodiment, a method may include receiving, by anauthentication server, via a biometric identification reader of anauthentication device disposed on an outer surface of the authenticationdevice, an authentication request associated with a user comprising aset of purported biometric data credentials of a user to execute acommand using a stand-alone and stationary electronic virtual assistantdevice, wherein one or more components of the authentication device arecoupled to one or more components of stand-alone and stationaryelectronic virtual assistant device, and wherein the authenticationserver is in communication with the authentication device and thestand-alone and stationary electronic virtual assistant device via anetwork. The method may further include, in response to receiving theauthentication request, querying, by the authentication server, adatabase configured to store a set of biometric credentials associatedwith authorized users permitted to execute the command using thestand-alone and stationary electronic virtual assistant device. Themethod may further include, in response to the authentication servermatching the set of purported biometric data credentials of the userwith the set of credentials associated with authorized users, granting,by the server to the user, access to execute the command using a virtualassistant program being executed on the stand-alone and stationaryelectronic virtual assistant device.

In another embodiment, a virtual assistant system may include adatabase, an authentication device, and an electronic virtual assistantdevice. The authentication device may include a first housing and abiometric identification reader disposed on an outer surface of thefirst housing and configured to receive a set of purported biometricdata credentials of a user for authenticating the user. The electronicvirtual assistant device may include a second housing, wherein thesecond housing is coupled to the first housing of the authenticationdevice for securely pairing the electronic virtual assistant device withthe authentication device, and wherein the electronic virtual assistantdevice is configured to receive authentication status of the user fromthe authentication device.

In another embodiment, a virtual assistant system may include adatabase, an authentication device, and an electronic virtual assistantdevice. The authentication device may include a first housing, abiometric identification reader disposed on an outer surface of thefirst housing and configured to receive a set of purported biometricdata credentials of a user, and a processor configured to authenticatethe user upon determining that the set of purported biometric datacredentials received from the user in the biometric identificationreader matches a set of credentials associated with authorized usersstored in the database. The electronic virtual assistant device mayinclude a second housing, wherein the second housing is coupled to thefirst housing of the authentication device for securely pairing theelectronic virtual assistant device with the authentication device, andwherein the electronic virtual assistant device is configured to processone or more requests from the user upon receiving confirmation ofauthentication of the user from the authentication device.

In another embodiment, a method may include receiving, by anauthentication server, via a biometric identification reader of anauthentication device, an authentication request for a user to execute acommand using an electronic virtual assistant device, the authenticationrequest comprising a set of purported biometric data credentials of auser. The method may further include querying, by the authenticationserver, a database configured to store a set of biometric credentialsassociated with authorized users. The method may further include, inresponse to the authentication server matching the set of purportedbiometric data credentials of the user with the set of credentialsassociated with authorized users, granting, by the server to the user,access to a virtual assistant program being executed on the electronicvirtual assistant device.

It is to be understood that both the foregoing general description andthe following detailed description are explanatory and are intended toprovide further explanation of the subject matter as claimed.

BRIEF DESCRIPTION OF THE DRAWINGS

The accompanying drawings constitute a part of this specification andillustrate embodiments that, together with the specification, explainthe subject matter.

FIG. 1A illustrates an authentication device, according to anembodiment.

FIG. 1B is a front view of an authentication device, according to anembodiment.

FIG. 1C is a rear view of an authentication device, according to anembodiment.

FIG. 1D is a right side view of an authentication device, according toan embodiment.

FIG. 1E is a left side view of an authentication device, according to anembodiment.

FIG. 1F is a top view of an authentication device, according to anembodiment.

FIG. 1G is a bottom view of an authentication device, according to anembodiment.

FIG. 1H is a side view of charging adapter of an authentication device,according to an embodiment.

FIG. 1I is a bottom view of charging adapter of an authenticationdevice, according to an embodiment.

FIG. 1J is a virtual assistant system comprising an authenticationdevice and a virtual assistant device, according to an embodiment.

FIG. 2 illustrates a virtual assistant system for authenticating a useraccessing a virtual assistant device, according to an embodiment.

FIG. 3 illustrates a process for authenticating a user accessing avirtual assistant system, according to an embodiment.

DETAILED DESCRIPTION

Reference will now be made to the illustrative embodiments illustratedin the drawings, and specific language will be used here to describe thesame. It will nevertheless be understood that no limitation of the scopeof the claims or this disclosure is thereby intended. Alterations andfurther modifications of the inventive features illustrated herein, andadditional applications of the principles of the subject matterillustrated herein, which would occur to one skilled in the relevant artand having possession of this disclosure, are to be considered withinthe scope of the subject matter disclosed herein. The present disclosureis here described in detail with reference to embodiments illustrated inthe drawings, which form a part here. Other embodiments may be usedand/or other changes may be made without departing from the spirit orscope of the present disclosure. The illustrative embodiments describedin the detailed description are not meant to be limiting of the subjectmatter presented here.

FIG. 1A-1J illustrates a virtual assistant system having anauthentication device 100 and an electronic virtual assistant device 102(hereinafter also referred to as an electronic device 102). Theauthentication device 100 and the electronic device 102 may be securelycoupled to each other by coupling of various components of theauthentication device 100 and the electronic device 102 to allowcommunication between various same or different components of theauthentication device 100 and the electronic device 102. In someembodiments, the authentication device 100 and the electronic device 102may be securely coupled to each other using wired means. In someembodiments, the authentication device 100 and the electronic device 102may be securely coupled to each other using wireless technology. In someembodiments, the authentication device 100 and the electronic device 102may be securely coupled to each other using one or more connectors.

An authentication device 100 of a virtual assistant system may include abiometric identification device (also referred to as a biometricidentification reader). The biometric identification reader isconfigured to receive biometric data of a user. The authenticationdevice 100 is configured to authenticate the user upon determining thata set of purported biometric data credentials received from the user inthe biometric identification reader matches a set of credentialsassociated with the user stored in a database. In one non-limitingembodiment, a biometric identification device may correspond to afingerprint recognition device such as a fingerprint reader 104. In thenon-limiting embodiment, the fingerprint reader 104 is of oval shape. Inalternate embodiments, the fingerprint reader 104 may be of any suitablegeometric shape such as circular, rectangular, or the like withoutlimiting the scope of the disclosed embodiments. The authenticationdevice 100 may further include one or more electronic circuits, one ormore processors, a memory, and a battery. The authentication device 100may also be in communication with a database.

The authentication device 100 may have a housing 106 having an outersurface and an inner surface. The housing 106 may be a case, which isformed of plastic, glass, ceramics, fiber composites, stainless steel,aluminum, other suitable materials, or a combination of these materials.The housing 106 may be formed using a configuration in which some or allportion of the housing 106 is machined or molded as a single structure,or may be formed using multiple structures. In some configurations, thehousing 106 may be formed using front and rear structures that aresubstantially planar. The front and rear structures of the housing 106may correspond to walls such as a front wall 114 and a rear wall 116.The housing 106 may also have a top wall 122, a bottom wall 124 situatedopposite the top wall 122, and multiple side and lateral walls such asright side wall 118 and left side wall 120 respectively, joined to anddisposed between the top wall 122 and the bottom wall 124. The lateralwalls such as right side wall 118 and left side wall 120 may be oppositeone another and with the top wall 122 and bottom wall 124 define a sideopening in the housing 106 for receiving a fingerprint reader 104. Thetop wall 122 may further contain an opening 110 formed through itsthickness to allow access to at least a portion of a housing 112 of anelectronic device 102, which is inserted into at least a portion of thehousing 106 of the authentication device 100 through the opening 110 inthe top wall 122. In some embodiments, at least a portion of the housing106 of the authentication device 100 may be inserted and/or accommodatedwithin at least a portion of the housing 112 of the electronic device102. The bottom wall 124 may contain an opening formed through itsthickness to allow access to one or more electronic circuits, one ormore authentication servers comprising authentication processors, amemory, and a battery, which is inserted into the housing 106 throughthe opening in the bottom wall 124. The bottom wall 124 may also containmultiple rubber pads 130.

A housing 106 of an authentication device 100 may also include adepression and/or a recess containing a power charging adapter. In otherwords, the power charging adapter is disposed within the housing 106.The power charging adapter may include a charging body 128 having anelongated shape coupled to a power connector 126 (such as a power post)configured to receive corresponding connector port of the electronicdevice 102. The power connector 126 may also have an elongated shape.The length and width of the power connector 126 is smaller than lengthand width of the charging body 128. In some embodiments, the length andwidth of the power connector 126 may be larger than the length and widthof the charging body 128. In some embodiments, the length and width ofthe power connector 126 may be substantially equal to the length andwidth of the charging body 128. The charging body 128 is coupled to thepower connector 126 to securely establish an electrical connection and amechanical connection between the authentication device 100 and theelectronic device 102. In some embodiments, the power charging adaptermay include multiple power connectors 126 configured to receivecorresponding ports and/or sockets of the electronic device 102 tosecurely establish the electrical connection and the mechanicalconnection between the authentication device 100 and the electronicdevice 102. The charging body 128 portion of the power charging adaptermay be disposed in the housing 106 and may include charging contacts 108configured to receive power charge upon establishment of the powerconnection between the authentication device 100 and the electronicdevice 102. The charging contacts 108 may also enable passing through ofpower charge. The charge may power the authentication device 100. Insome embodiments, the charge may power various servers and databasesassociated with and/or in communication with the authentication device100. The charging contacts 108 may be spring loaded. In someembodiments, the charging contacts 108 may be magnetic. In someembodiments, the charging contacts 108 may be spring loaded andmagnetic.

One or more power connectors 126 may be formed through its thickness forreceiving and mounting the power connectors 126 on the housing 106. Insome embodiments, the power connectors 126 may be formed in the top wall122 of the housing 106, and a data interface connector and a powerconnector of the power connectors 126 may be mounted on the top wall122. In some embodiments, the power connectors 108 may be also formed inthe bottom wall 124 of the housing 106, and the data interface connectorand the power connector of the power connectors 126 may be mounted onthe bottom wall 124. In some embodiments, the power connectors 126 maybe formed in side walls such as right side wall 118 and left side wall120 respectively of the housing 106, and the data interface connectorand the power connector of the power connectors 126 may be mounted onthe side walls such as right side wall 118 and left side wall 120. Thepower connectors 126 may be adapted to be electrically coupled tocorresponding power connectors mounted on the electronic device 102. Asillustrated in FIGS. 1H and 1I, a power charging adapter in a housing106 may include one power connector 126, identified as, a male plugconfigured to receive a corresponding female socket of the electronicdevice 102 to securely form the electrical connection and/or themechanical connection between the authentication device 100 and theelectronic device 102. In some embodiments, the power connector 126, maybe identified as, a female socket is configured to receive acorresponding male plug of the electronic device 102 to securely formthe electrical connection and/or the mechanical connection between theauthentication device 100 and the electronic device 102, which may be astand-alone, stationary, non-battery powered, and WIFI-enabledelectronic virtual assistant device, such as AMAZON™ ALEXA™.

The authentication device 100 optionally includes a notch 132 on a topsurface of the housing 106. The notch is configured to receive a powercord, Ethernet cable, or other wiring from the electronic device 102 orcharging body 128. The notch 132 can allow a more secure fitting of theelectronic device 102 in the opening 110 by allowing any cord, cable, orwire to pass directly through a wall of the housing 106.

The housing 106 may also include a cover. The cover may be pivotallymounted on the housing 106, and is positioned on the housing 106 anddimensioned to cover the fingerprint reader 104. The cover may bepivotable to an open position to allow the fingerprint reader 104 to beinserted into and removed from the housing 106, and a closed position toenclose and secure the fingerprint reader 106 in the housing 104.

FIG. 2 illustrates a virtual assistant system 200. The system 200includes an electronic virtual assistant device 202 (hereinafter alsoreferred to as an electronic device), an authentication device 204having a fingerprint reader 206, an authentication server 208, anauthentication database 210, a virtual assistant server 212 (hereinafteralso referred to a system server), a system database 214, a webserver216, and a user device 218. Various components of the virtual assistantsystem 200 such as the electronic device 202, the authentication device204 having the fingerprint reader 206, the authentication server 208,the authentication database 210, the virtual assistant server 212, thesystem database 214, the webserver 216, and the user device 218 maycommunicate with each other via a network 220. The examples of thenetwork 220 may include, but are not limited to, private or public LAN,WLAN, MAN, WAN, and the Internet. The network 220 may include both wiredand wireless communications according to one or more standards and/orvia one or more transport mediums. The communication over the network220 may be performed in accordance with various communication protocolssuch as Transmission Control Protocol and Internet Protocol (TCP/IP),User Datagram Protocol (UDP), and IEEE communication protocols. In oneexample, the network 220 may include wireless communications accordingto Bluetooth specification sets, or another standard or proprietarywireless communication protocol. In another example, the network 220 mayalso include communications over a cellular network, including, e.g. aGSM (Global System for Mobile Communications), CDMA (Code DivisionMultiple Access), EDGE (Enhanced Data for Global Evolution) network.

An authentication device 204 having a fingerprint reader 206 may becoupled with an electronic device 202 to authenticate users prior to theusers accessing various features of the electronic device 202. In someembodiments, the authentication device 204 having the fingerprint reader206 may be wired or wirelessly connected with the electronic device 202to authenticate the users prior to the users accessing various featuresof the electronic device 202. In one non-limiting example, theelectronic device 202 may be wired or wirelessly connected to afingerprint reader 206 of the authentication device 204 to authenticatethe users using fingerprint data of the users. If a user does notpresent a fingerprint that matches the fingerprint of a registered user,the user will not be authorized to access the electronic device 202. Theelectronic device 202 may be a virtual assistant device, portablecomputer, a tablet computer, a computer monitor, a handheld device,global positioning system equipment, a gaming device, a cellulartelephone, portable computing equipment, or other electronic equipment.In operation, the fingerprint reader 206 may operate in multiple modesto authenticate users. For example, the fingerprint reader 206 mayoperate in a stationary mode and a moving mode to authenticate theusers. In the stationary mode, a fingerprint reader 206 may capturefingerprints while a user's finger is held in a stationary position onthe fingerprint reader 206 and then transmit captured fingerprint datato a processor of an authentication server 208, which may authenticatethe user based on the processing of the captured fingerprint data. Inthe moving mode, a fingerprint reader 206 may require that a user swipea finger across the fingerprint reader 206 and then transmit capturedfingerprint data to a processor of an authentication server 208, whichmay authenticate the user based on the processing of the capturedfingerprint data. A fingerprint reader 206 may include a fingerprintsensor. In some embodiments, the fingerprint reader 206 may beassociated and/or coupled to a fingerprint sensor, which may be aseparate component. In some embodiments, the fingerprint reader 206 maybe associated and/or coupled to multiple fingerprint sensors, which maybe separate components. The fingerprint reader 206 may further include areceiving portion in any suitable shape that is configured to accept atleast a percentage of one finger of a user. The at least one finger of auser may be disposed in proximity to the receiving portion and readableby the fingerprint sensor. Upon receipt of the percentage of the atleast one finger of a user, the fingerprint sensor detects one or morepredetermined features of the at least one finger of a user whilereading at least a portion of a fingerprint of a user's finger inresponse to the finger positioned adjacent to the fingerprint sensor. Insome embodiments, the fingerprint sensor may further include a featuredetection sensor that is in operative relation with the fingerprintsensor. In some embodiments, the fingerprint sensor may further includemultiple feature detection sensors that are in operative relation with asingle fingerprint sensor. In some embodiments, the fingerprint sensormay further include multiple feature detection sensors that are inoperative relation with multiple fingerprint sensors. The featuredetection sensor detects the one or more predetermined features, or anycombination thereof of the at least one finger of a user. The one ormore predetermined features may correspond to any marks on the finger, acolor of skin of the finger, etc.

A fingerprint sensor and/or a feature detection sensor may be physicallyassociated with a fingerprint reader 206 of an authentication device 204(e.g., connected to, or a component of). In some embodiments, thefingerprint sensor and/or the feature detection sensor may be part ofthe fingerprint reader 206 of the authentication device 204. Thefingerprint sensor and/or a feature detection sensor may be configuredto detect the one or more predetermined users and features of theirfingers. The fingerprint sensor and/or the feature detection sensor maybe configured to generate biometric data (such as fingerprint data),which may then be processed by one or more processors of anauthentication server 208 of the authentication device 204 to determinevarious modes of operation. The authentication server 208 may be part ofthe authentication device 204. In some embodiments, the authenticationserver 208 may be a separate component in communication with thefingerprint reader 206 of the authentication device 204. In someembodiments, the authentication server 208 may be a separate componentin communication with the fingerprint sensors and/or the featuredetection sensors of the authentication device 204. As detailed herein,the fingerprint sensor and/or the feature detection sensor may transmitthe biometric fingerprint data collected during the fingerprint sensorand/or the feature detection sensor operations to the one or moreprocessors of the authentication server 208 of the authentication device204 for subsequent processing by the one or more processors of theauthentication server 208.

During operation, the one or more processors of the authenticationserver 208 of the authentication device 204 may match the receivedbiometric fingerprint data with stored biometric data of authorizedusers in an authentication database 210. Additionally or alternatively,one or more sensor processors of the fingerprint sensor and/or thefeature detection sensor may be connected to or housed within thefingerprint sensor and/or the feature detection sensor for subsequentprocessing of the biometric fingerprint data. During processingoperation, the one or more sensor processors of the authenticationserver 208 of the authentication device 204 may match the biometricfingerprint data with stored biometric data of authorized users in anauthentication database 210. The sensor processors of the fingerprintsensor and/or the feature detection sensor may include a microprocessorthat executes various data processing routines, whereby the biometricfingerprint data received at the sensor processor of the fingerprintsensor and/or the feature detection sensor or processor of theauthentication device 204 has been partially or completely pre-processedas useable data for authentication of the user. In some configurations,the fingerprint sensor and/or the feature detection sensor may be a partof (e.g., communicatively coupled with) the authentication device 204.For instance, the fingerprint sensor and/or the feature detection sensormay be an internal device installed and executing on the authenticationdevice 204. In some embodiments, an electronic device 202, which may bea stand-alone, stationary, non-battery powered, WIFI-enabledcomputerized virtual assistant device connected to the authenticationdevice 204 may identify a connection with the authentication device 204and then activate the fingerprint reader 206 in order to receiveinstructions of authorization of the user determined based on thesensory data from the fingerprint sensor and/or the feature detectionsensor of the fingerprint reader 204.

The authentication device 204 may further include a communicationscomponent. The communications component may effectuate wired and/orwireless communications to and from transmitters and/or receivers of anelectronic device 202, which may be a stand-alone, stationary,non-battery powered, WIFI-enabled computerized virtual assistant device.The communications component may also effectuate wired and/or wirelesscommunications to and from one or more processors of an authenticationserver 208. In some embodiments, the communications component may be anembedded component of the authentication device 204; and, in some cases,the communications component may be attached to the authenticationdevice 204 through any wired or wireless communications medium. In someembodiments, the communications component may be shared among aplurality of sensor processors of a fingerprint sensor and/or a featuredetection sensor of the authentication device 204, such that each of thesensor processor of the fingerprint sensor and/or the feature detectionsensor coupled to the communications component may use the sensor dataand/or authentication data received within a communications signal, bythe communications component.

A communications component of the authentication device 204 may includeelectromechanical components (e.g., processor) that allow thecommunications component to communicate various types of biometricsensor data (fingerprint data of a user) captured by fingerprint reader204 with sensor processors, processors of an authentication server 208,and/or transmitters and receivers of an electronic device 102, which maybe a stand-alone, stationary, non-battery powered, and WIFI enabledvirtual assistant device via communications signals. In someimplementations, these communications signals may represent a distinctchannel for hosting communications, independent from the sensorcommunication. The biometric sensor data may be communicated using thecommunications signals, based on predetermined wired or wirelessprotocols and associated hardware and software technology. Thecommunications component may operate based on any number ofcommunication protocols, such as Bluetooth®, Wireless Fidelity (Wi-Fi),Near-Field Communications (NFC), ZigBee, and others. However, it shouldbe appreciated that the communications component is not limited toradio-frequency based technologies, but may include radar or infrared.

Using a communications signal, a communications component of anauthentication device 100 may communicate biometric sensor data(fingerprint data of a user) captured by fingerprint reader 204 that maybe used, e.g., to identify authorized users of an electronic device 102,which may be a stand-alone, stationary, non-battery powered, and WIFIenabled virtual assistant device, and determine whether authorized usersare approved to generate requests to access sensitive data, among otherpossible functions. Similarly, a communications component of anelectronic device 202 may use a communications signal to communicatedata to the authentication device 204. As an example, the communicationscomponent of the authentication device 204 may communicate (i.e., sendand receive) different types of biometric sensor data (e.g., fingerprintbased authentication data and user identification data) containingvarious types of information. Non-limiting examples of the informationmay include a user identifier (user ID) of a user, and other suchinformation.

A fingerprint reader 206 may further include a plug-in interface tocommunicate fingerprint data associated with the a fingerprint of atleast one of user's finger and feature information associated with theuser to an authentication server 208. The authentication server 208 mayexecute a fingerprint-analyzing program/algorithm for authenticating theuser by verifying the fingerprint of the user's finger by matching withthe fingerprint of the user's finger with a set of fingerprintcredentials associated with authorized users stored in an authenticationdatabase 210. Additionally, the authentication server 208 may includethe feature-analyzing program/algorithm for detecting one or morepredetermined features, or any combination thereof of the user. The oneor more predetermined features may correspond to any marks on thefinger, a color of skin of the finger, etc.

Authentication server 208 may be devices where fingerprint-analyzingprogram/algorithm and/or feature-analyzing program/algorithm may beexecuted for verifying fingerprints and/or features of a user receivedfrom a fingerprint reader 104. The authentication server 208 may be anyserver computing device comprising a processor and capable of performingthe various tasks and processes described herein. Non-limiting examplesof the analytic server may include laptops, desktops, servers, tablets,and smartphones. The authentication server 208 may be coupled via one ormore internal or external networks to a database. Software such asfingerprint-analyzing program/algorithm and/or feature-analyzingprogram/algorithm executed by the analytic server permits the analyticserver to validate the fingerprint of the user and authenticate theuser. The authentication server 208 may then transmits authenticationstatus and/or corresponding authentication data of the user to a virtualassistant server 212 associated with an electronic device 202 to allowthe electronic device 202 to accept and process one or more requestsfrom the user based on the authentication status. In some embodiments,the authentication server 208 may transmit the authentication statusand/or corresponding authentication data of the user directly to aprocessor of the electronic device 202 to allow the electronic device202 to accept and process one or more requests from the user based onthe authentication status.

When an authentication server 208 determines that a fingerprint of auser received from a fingerprint reader 206 does not match a record offingerprints of authorized users stored in an authentication database210, then the authentication server 208 may activate an alarm device.The alarm device may produce a warning, and/or may generate and transmita digital message and/or a voice message to an user device 218 operatedby an authorized user (who may be an administrator and/or owner ofelectronic device 202). In one non-limiting example, after theauthentication server 208 determines that the fingerprint of the userreceived from the fingerprint reader 206 does not match a record offingerprints of authorized users stored in the authentication database210, the authentication server 208 may generate and transmit a triggersignal to a processor of the alarm device, which may activate thewarning, and/or generate and transmit a notification about unauthorizedattempt to access the electronic device 102 to the user device 218. Awarning produced by the alarm device may include any type of sensoryfeedback, such as audio feedback, visual feedback, haptic feedback, orsome combination. In another non-limiting example, after theauthentication server 208 determines that the fingerprint of the userreceived from the fingerprint reader 206 does not match a record offingerprints of authorized users stored in the authentication database210, the authentication server 208 may generate and transmit a triggersignal to a processor of a camera device comprising one or more cameraslocated in a building where the electronic device 202 is located inorder to capture images of the unauthorized user whose fingerprints didnot match a record of fingerprints of authorized users. Theauthentication server 208 may then transmit a notification aboutunauthorized attempt to access the electronic device 202 and imagescaptured to the user device 218.

In some embodiments, when an authentication server 208 determines that afingerprint of a user received from a fingerprint reader 206 does notmatch a record of fingerprints of authorized users stored in anauthentication database 210, then the authentication server 208 mayselect a record of an authorized user (who may be an administratorand/or an owner of electronic device 202) from the authenticationdatabase 210, and then review or update unauthorized attempt data storedin the user record to mention that an unauthorized attempt to access theelectronic device 202 occurred.

In some embodiments, when an authentication server 208 determines that afingerprint of a user received from a fingerprint reader 206 does notmatch a record of fingerprints of authorized users stored in anauthentication database 210, then the authentication server 208 maygenerate an alert. After generating the alert, the authentication server208 may score the alert. The authentication server 208 may score thealert based on one or more attributes. For instance, when theauthentication server 208 determines that only a single fingerprint isreceived from a fingerprint reader 206 within a predetermined amount oftime that does not match a record of fingerprints of authorized usersstored in the authentication database 210, then the authenticationserver 208 may assign a low risk score to alert. However, when theauthentication server 208 determines that multiple fingerprints havebeen received from a fingerprint reader 104 within a predeterminedamount of time, and none of the received fingerprints match a record offingerprints of authorized users stored in the authentication database210, then the authentication server 208 may assign a high risk score tothe alert. Based on a risk score calculated for alerts, theauthentication server 208 may transmit an alert record to address nextto an analyst computer operated by an analyst. The risk score canprioritize the queue for the analyst computer, and can continuouslyupdate the risk score, and thus the prioritization, within the queue.Based on the risk score of the alert, the analyst computer may select amode of communication to connect with user device 218 of an authorizeduser (who may be an administrator and/or an owner of electronic device202).

An analyst computer (not shown) GUI operated by an analyst may receivealerts associated with fraudulent fingerprint attempts by unauthorizedusers from an authentication server 208. In some embodiments, theanalyst computer GUI operated by the analyst may directly receive alertsassociated with the fraudulent fingerprint attempts by the unauthorizedusers from a fingerprint reader 206. In some embodiments, the analystcomputer GUI operated by the analyst may directly receive alertsassociated with the fraudulent fingerprint attempts by the unauthorizedusers from an authentication device 204. In some embodiments, theanalyst computer GUI may receive alerts that are related to subjectmatter (e.g., type of threat) or procedural role (e.g., time-sensitivethreat) of the respective analyst. In some implementations, the alertsmay have a data field indicating identifying the nature of the potentialthreat and another data field indicating a time-sensitive nature orcustomer-sensitive nature of the potential threat. Based on this datafield, the analyst computer may receive the alerts having subject matteror procedural data fields associated with the analyst credentials. Forinstance, the analyst credentials of an analyst specializing in timesensitive alerts would indicate to the analyst computer that the analystcomputer should retrieve and present the alerts having a data fieldindicating that the particular alert is time sensitive. In someimplementations, the alerts may be stored into dedicated databases orsub-databases of a system database 214 or an authentication database210, where each sub-database is configured to store alerts with certaintypes of alerts. In such implementations, the analyst computer may belimited to accessing certain sub-databases according to the analystcredentials of the analyst operating the analyst computer. Similarly,the analyst computer may receive updates or notification messages thatthe analyst computer presents on a GUI to the analyst. An analyticcomputer, system database 214, or other server may trigger and transmitalert notification to each analyst computer having analyst credentialswith access attributes indicating the role of the analyst. For instance,an analyst may have analyst credentials with attributes that indicatethe analyst specializes in handling time-sensitive alerts. When a newalert is generated or an existing alert is updated with a data fieldindicating the alert is time sensitive, the analytic computer or otherdevice may transmit a notification message to the analyst computer.

An analyst computer may have a GUI that allows an analyst to mark or tagan alert corresponding to unauthorized attempt to access an electronicdevice 202 by unauthorized users. A data field in the record of thealert is then updated to reflect the tag inputted by the analystcomputer. The analyst computer may further perform various forms ofprocessing on the data fields, such as identifying which, if any, otheralerts contain maximum risk. In some embodiments, the analyst computermay perform various forms of processing on the data fields to validatethe alert corresponding to the fraudulent fingerprint attempt. Theanalyst computer upon processing and analyzing the alert may transmit anotification to a user device 218 (such as a mobile phone) of a userindicating that a fraudulent fingerprint attempt have been made toaccess features of the electronic device 202, which may be astand-alone, stationary, non-battery powered, WIFI-enabled virtualassistant device. The notification may be transmitted to the user device218 in form of a telephone call, a message, or an electronic email. Thenotification may include a date and a time at which fraudulentfingerprint attempt occurred. The notification may also include a numberof times the fraudulent fingerprint attempts occurred. The notificationmay also include images captured at location of the authenticationdevice 204 and/or the electronic device 202.

During the processing of an alert, an analyst computer may also checkvalidity of the alert by confirming that the received fingerprint doesnot match a record of approved fingerprints stored in an authenticationdatabase 210. For instance, the analyst computer may query anauthentication database 210. The authentication database 210 may includea whitelist record and a blacklist record. In some embodiments, ananalytic server may generate whitelist records and blacklist recordsbased on classification of an incoming query associated with a receivedfingerprint, and store in the authentication database 210. In someembodiments, an analyst computer may generate whitelist records andblacklist records based on classification of an incoming queryassociated with a received fingerprint, and store in the authenticationdatabase 210. The query is classified based on a fingerprint, which maybe performed in numerous ways. For example, one or more fingerprintsassociated with known registered client/customer of an electronic device202 can be whitelisted (e.g., identified in the whitelist record). Thequery can be classified by consulting a record of previousclassifications made to queries with the same fingerprint. The whitelistrecord may include a list of authorized fingerprints, and the blacklistrecord may include a list of un-authorized fingerprints. The set of oneor more acceptable and authorized fingerprint of the whitelist recordare predetermined to satisfy the safety acceptability threshold. Duringoperation, in order to verify that a fingerprint received from one ormore users matches with a stored record of a fingerprints, the analystcomputer may first query the whitelist record hosted by theauthentication database 210. Upon determining that the receivedfingerprint is present in the whitelist, the analyst computer mayautomatically forge determination of creditability of the fingerprintthat is matched to an satisfactory fingerprint in the whitelist record.

User device 218 may be a computing device used by a user who may haveauthorization to access an electronic device 202, which may be astand-alone, stationary, non-battery powered, WIFI-enabled virtualassistant device. In some embodiments, the user may be owner of anelectronic device 202 and be allowed to authorize one or more otherusers who may have access to various features of the electronic device202. The user device 218 may be any computing device comprising aprocessor and non-transitory machine-readable storage medium and capableof performing the various tasks and processes described herein duringexecution. Non-limiting examples of the user device 218 may include amobile device, a desktop computer, a server computer, a laptop computer,a tablet computer, and the like. For ease of explanation, it is assumedthat a single mobile device functioning as the user device 218. However,it should be appreciated that some embodiments may comprise any numberof mobile devices capable of performing the various tasks describedherein.

An electronic virtual assistant device 202 may be a computerized voiceassistant device and/or a voice controlled assistant. The electronicdevice 202 is described in context of an architecture in which theelectronic device 202 is connected to remote people or cloud service viaa network 220 (e.g., connected via WIFI to the internet or privatenetwork). The electronic device 202 may be implemented as a hands-freedevice equipped with a wireless interface, and may rely on voiceinteractions with a user for receiving requests. In some embodiments,the electronic device 202 may be a stand-alone voice controlledassistant, that is, the electronic device 202 may only be incommunication with various voice-based services implemented via virtualassistant programs and applications. In some embodiments, the electronicdevice 202 may be a stationary voice controlled assistant, which is thatthe electronic device 202 is designed for regular use at a singlelocation on or near a desk or table due to size and power requirements.In some embodiments, the electronic device 202 may be a non-batterypowered, WIFI-enabled voice controlled assistant, whereby the device ispositioned on a surface (e.g., shelf, table, dashboard, desk,nightstand) and plugged into a power source. Such configuration may beconsidered “stationary” in that it is configured to stay in a singlelocation and listen and communication over a network from that location.The authentication device 204 serves as a base for the device and isintended to be positioned on a surface where it can have a consistentpower source and network connection. In some embodiments, the electronicdevice 202 may be a stand-alone, stationary, non-battery powered, andWIFI enabled computerized voice controlled assistant.

In some embodiments, the electronic device 202 may be any computingdevice comprising a processor and non-transitory machine-readablestorage medium and capable of performing the various tasks and processesdescribed herein during execution. The electronic devices 202 may alsoinclude a desktop computer and a server computer comprising virtualassistants. In some embodiments, the electronic device 202 may be partof a virtual assistant system, which also includes a virtual assistantserver 212 and a system database 214. To illustrate one non-limitingexample usage scenario of the electronic device 202, the electronicdevice 202 may be stationary and positioned in a room to receive userinput in the form of voice interactions, such as spoken requests or aconversational dialogue. Depending on the request, the electronic device202 may perform any number of actions or functions. For instance, theelectronic device 202 may initiate a financial transaction requested bythe user. For example, the user employs the electronic device 202 toengage in an online banking transaction.

An electronic device 202 may be configured to communicate with anauthentication device 204 through one or more networks 220, using wiredand/or wireless communication capabilities. In some embodiments, acommunications component of the electronic device 202 may be configuredto communicate with a communications component of the authenticationdevice 204 through one or more networks 220, using wired and/or wirelesscommunication capabilities. In some embodiments, the electronic device102 may also be configured to communicate with an authentication server208 through one or more networks 220, using wired and/or wirelesscommunication capabilities. In some embodiments, the electronic device102 may also be configured to communicate with the authentication device204 via the authentication server 208 through one or more networks 220,using wired and/or wireless communication capabilities. In someembodiments, the electronic device 102 may also be configured tocommunicate with the authentication device 204 via an analyst computerthrough one or more networks 220, using wired and/or wirelesscommunication capabilities.

In operation, an electronic device 202 and ECHO™ may execute a virtualassistant program, which may include a user interface that renders aninteractive layout, schematic, or other elements for an authorized userto input a request via a webserver 216. For example, the user interfacemay include a text based interface allowing the authorized user to entermanual commands. The request inputted by the authorized user correspondsto an instruction, which is sent by the electronic device 102 to avirtual assistant server 212 through a network 220. In some embodiments,the instruction may correspond to the request inputted by the authorizeduser interacting with a chatbot. A chatbot may also be known as atalkbot, chatterbot, Bot, chatterbox, Artificial Conversational Entity.The chatbot may be a computer program that conducts a conversation withthe authorized user via auditory or textual methods on a user interface.The computer program is designed to simulate how the authorized wouldbehave as a conversational partner. The chatbots may be used in dialogsystems for various purposes including customer service or informationacquisition. In some embodiments, some of the chatbots may use naturallanguage processing systems, which may scan for keywords within theinput request, then pull a reply with the most matching keywords, or themost similar wording pattern, from a database to answer the request ofthe authorized user.

An electronic device 202 may receive multiple instructions/requests froma same user or different users. Each user who can transmit theinstruction to the electronic device 202 must be authorized by anauthentication device 204 prior to the electronic device 202 receivingthe multiple instructions/requests from a same user or different users.The instructions/requests may be of same subject matter or differentsubject matters. In some embodiments, the electronic device 202 mayexecute a virtual assistant program to allow the user to input a requestor display the requested information to the user. The user may input arequest of different types or formats. For example, the request may bein the type of rich text or auditory input (e.g., WAV, MP3, WMA, AU, andthe like), or any other format the electronic device 202 supports. Theuser may choose to input a request in one type or any combination ofdifferent types based on his/her preference. For example, the user mayinput a request that includes texts of different fonts, pictures ofdifferent types (e.g. BMP, GIF, JPG or PNG). The word processingsoftware may support rich text file format and makes it a common formatbetween otherwise incompatible word processing software and operatingsystems. There may be subtle differences between different versions ofthe rich text format specification. Nevertheless, the rich text formatis consistent enough from computer to computer to be considered highlyportable and acceptable for cross-platform use.

In operation, a user after being authorized by an authentication device204 may open a website in an Internet browser or a local application onan electronic device 102 configured to receive an instruction or arequest from the user. The Internet browser or a local application onthe electronic device 102 may be accessed via a webserver 216. In someembodiments, a secondary level of authentication may then be performed.For instance, the user may enter credential information such asusername, password, certificate, and biometrics. The electronic device202 then transmits the user inputs to a virtual assistant server 212 forauthentication. The virtual assistant server 212 may access a systemdatabase 214 configured to store user credentials, which the virtualassistant server 212 may be configured to reference in order todetermine whether a set of entered credentials (purportedly forsecondarily authentication of the user) match an appropriate set ofcredentials that identify and authenticate the user. After the virtualassistant server 212 secondarily authenticates the user and/ordetermines the user's role, the virtual assistant server 212 maygenerate and serve webpages to the electronic device 202. The webpagesmay include the virtual assistant program user interface for the user toinput requests/instructions. In a conversational client layer, thevirtual assistant server 212 may receive different requests/instructionsfrom the user through the electronic device 202. Different electronicdevices 202 may have different input/output capabilities along withvarious ways of implementing solutions. Some electronic devices 202 mayhave audio input and output, while other electronic devices 202 mayaccept and reply with text, audio, rich media content and/or somecombination thereof. For example, the user interface may include atext-based interface where the user can manually type requests andinteract with a virtual assistant by using a keyboard. In anotherexample, the user interface may include an audio-based interface wherethe user can issue requests/instructions by talking to a virtualassistant.

An electronic device 202 may transform requests/instructions of anauthorized user into appropriate type for processing. In someembodiments, the electronic device 202 may transmit therequests/instructions of the authorized user to a virtual assistantserver 212 for processing and analysis. In a transformation layer, theelectronic device 202 may translate the communication protocols fromvarious clients into a single set of application programming interfaces(APIs) for processing. While the requests/instructions received from theauthorized user may be of different types, and then the electronicdevice 202 may not be able to understand or process all different typesof the requests/instructions. In such cases, the electronic device 202may then transform the requests/instructions to a specific computerreadable type (e.g., PDF, DOC, DOCX, XLS, and the like). For example,the electronic device 202 supports audio, and the requests/instructionsinputted by the user is audio, however the electronic device 202 mayonly understand text. In such cases, the electronic device 202 maytransform the audio to text for further processing. In a standardizedAPI layer, the electronic device 202 may translate therequests/instructions to a standard form, including audio translation,emoji translation, language translation, and image translation. Theaudio translation may convert the audio input (e.g., audio file orstream) of speech to text. The emoji translation may convert any emojisin the input into the lexical representation. The electronic device 202may further pass along the translated emojis in a separate object forfurther intent and sentiment interpretation to an analytic server. Thelanguage translation may translate many languages to one or one languageto many, depending on the user's requirements. The image translation mayconvert any images in the input into the lexical representation. Afterconverting the requests/instructions of the user into a correct format,the electronic device 202 may then generate an answer in response to therequests/instructions. The electronic device 202 may generate theresponse in a format that the electronic device 202 supports. In someembodiments, after converting the requests/instructions of the user intothe correct format, the electronic device 202 may then perform atransaction such as transferring money from one account to other accountin response to the request/instruction received from the authorizeduser.

An electronic device 202 may be associated with a webserver 216, whichmay be any computing device hosting an Internet browser or a localapplication accessible to electronic device 202 via the Internet. Thewebserver 216 may be any computing device comprising a processor andnon-transitory machine-readable storage capable of executing the varioustasks and processes described herein. Non-limiting examples of suchwebserver 216 may include workstation computers, laptop computers,server computers, laptop computers, and the like.

The webserver 216 may execute software applications configured to host alocal application (e.g., Apache®, Microsoft IIS®), which may generateand serve virtual assistant page to the electronic device 202. Thevirtual assistant page may be used to generate requests by an authorizeduser to access data (such as sensitive financial data and personalinformation) stored on a system database. In some implementations, thewebserver 216 may be configured to require user secondarilyauthentication based upon a set of user authorization credentials (e.g.,biometric data, biometrics, cryptographic certificate). In suchimplementations, the webserver 216 may access a system database 214configured to store user credentials, which the webserver 216 may beconfigured to reference in order to determine whether a set of enteredcredentials purportedly authenticating the user match an appropriate setof credentials that identify and authenticate the user. Similarly, insome implementations, the webserver 216 may generate and serve virtualassistant page to the electronic device 202 based upon a user role. Insuch implementations, the user role may be defined by data fields in theuser records stored in the system database 214, and secondarilyauthentication of the user and user role may be conducted by thewebserver 216 by executing an access directory protocol. The webserver216 may then be instructed to generate virtual assistant page content,access or generate data stored in the system database 214, according tothe user role defined by the user record in the system database 214.

In some embodiments, as the webserver 216 may require users tosecondarily authenticate using credentials that identify a user as avalid customer, the webserver 216 may generate alerts related to user'sinteractions with the virtual assistant page hosted by the webserver216. For example, the webserver 216 may generate the alerts indicating afailed authentication attempt received from an electronic device 202. Asanother example, the webserver 216 may generate the alerts when the userperforms or otherwise requests unusual actions. In some cases, thewebserver 216 may generate a model for typical or atypical behaviors ofthe user. The model, for example, may indicate a list of generalrequests of a user. It should be appreciated that these are onlyexamples of the alerts that may be generated by the webserver 216, andthe webserver 216 may generate the alerts for any number of interactionswith the website.

A webserver 216 may generate session records for an interaction betweena virtual assistant program of an electronic device 202 and a user. Asession record may contain data fields related to the interaction, suchas a session identifier, a timestamp, and a user identifier. Thewebserver 216 may store the session records locally or in a systemdatabase 214 hosted on any virtual assistant server 212 within a network220. The webserver 216 may capture data for the interaction at differenttimes of the interactions, such as capturing user biometric identifierinformation from an authentication attempt. In some instances, a sessionmay transition between channels. For example, a session may begin when auser accesses the electronic device 202 and is properly authenticated asan authorized customer. The user may then experience difficulties inaccessing certain features or may identify certain irregularities in theelectronic device 202, prompting the user to contact an admin over atelephone. The session information for that additional contact maycontinue as the session transitions from a virtual assistant-basedchannel to a telephone-based channel. The admin may input variousinformation fields into a GUI presented on a admin computer, such as thepurported user who is contacting the admin and source deviceinformation.

An authentication database 210 may be hosted on an authentication device204 and/or an electronic device 202, where the authentication database210 may store data records associated with various aspects of theapplication services offered to end users. Non-limiting examples of whatmay be stored in the authentication database 210 may include userrecords that may comprise data fields describing users, e.g., user data,such as authorized user credentials (e.g., biometrics, encryptioncertificates, username, passwords), white lists, black lists, userroles, or user permissions; document records that may comprisemachine-readable computer files (e.g., word processing files), parsedportions of such computer files, or metadata associated with computerfiles; and application data that may include software instructionsexecuted by an analytic server or data used by the such applicationsexecuted by the analytic server.

A memory of an authentication database 210 hosted on an authenticationdevice 204 and/or an electronic device 202 may be a non-volatile storagedevice for storing user credentials such as biometrics, encryptioncertificates, username, passwords, to be used by a processor of theauthentication device 204 and/or the electronic device 202. The memorymay be implemented with a magnetic disk drive, an optical disk drive, asolid-state device, or an attachment to a network storage. The memorymay include one or more memory devices to facilitate storage andmanipulation of program code, set of instructions, tasks, data, PDKs,and the like. Non-limiting examples of memory implementations mayinclude, but are not limited to, a random access memory (RAM), a readonly memory (ROM), a hard disk drive (HDD), a secure digital (SD) card,a magneto-resistive read/write memory, an optical read/write memory, acache memory, or a magnetic read/write memory.

A memory of an authentication database 210 hosted on an authenticationdevice 204 and/or an electronic device 202 may be a temporary memory,meaning that a primary purpose of the memory is not long-term storage.Examples of the volatile memories may include dynamic random accessmemories (DRAM), static random access memories (SRAM), and other formsof volatile memories known in the art. In some embodiments, the memorymay be configured to store larger amounts of information than volatilememory. The memory may further be configured for long-term storage ofinformation. In some examples, the memory may include non-volatilestorage elements. Examples of such non-volatile storage elements includemagnetic hard discs, optical discs, floppy discs, flash memories, orforms of electrically programmable memories (EPROM) or electricallyerasable and programmable (EEPROM) memories.

FIG. 3 illustrates a process for authenticating a user accessing avirtual assistant system, according to an method 300. The method 300shown in FIG. 3 comprises execution steps 302, 304, and 306. However, itshould be appreciated that other embodiments may comprise additional oralternative execution steps, or may omit one or more steps altogether.It should also be appreciated that other embodiments may perform certainexecution steps in a different order; steps may also be performedsimultaneously or near-simultaneously with one another. In addition, themethod 300 of FIG. 3 is described as being executed by a single server,referred to as an analytic server in this embodiment. However, in someembodiments, steps may be executed by any number of computing devicesoperating in a distributed computing environment. In some cases, acomputer executing one or more steps may be programmed to executevarious other, unrelated features, where such computer does not need tobe operating strictly as the authentication server described herein.

In a first step 202, an authentication server is configured to receivean authentication request for a user from a biometric identificationreader of an authentication device. The authentication request for theuser may correspond to access and/or execute a command using to anelectronic virtual assistant device. The authentication request mayinclude a set of purported biometric data credentials of the user. Theset of purported biometric data credentials of the user may includefingerprint data of the user.

An authentication device may include a biometric identification device.The biometric identification reader is configured to receive a set ofpurported biometric data credentials of a user. The biometricidentification device is a fingerprint recognition device such as afingerprint reader. The fingerprint reader may include one or morefingerprint sensors. The fingerprint reader may be coupled to the one ormore fingerprint sensors. The authentication device may further includeone or more electronic circuits, one or more processors, a memory, and abattery. The authentication device may also be associated to a database.The fingerprint reader may be wired or wirelessly connected with anelectronic virtual assistant device.

An electronic virtual assistant device may be a virtual assistantdevice, portable computer, a tablet computer, a computer monitor, ahandheld device, global positioning system equipment, a gaming device, acellular telephone, portable computing equipment, or other electronicequipment. In some embodiments, the electronic virtual assistant devicemay be a computerized virtual assistant device. The electronic virtualassistant device may include an application program interface. Theapplication program interface is compatible with the authenticationdevice programmed into comparing the set of purported biometric datacredentials of the user to the set of credentials associated withauthorized users

In a next step 204, an authentication server is configured to query adatabase. The databases may be in communication with the authenticationserver. The database may store a set of biometric credentials associatedwith authorized users. The set of biometric credentials associated withauthorized users corresponds to fingerprint data of the authorizedusers.

In a next step 206, an authentication server is configured to match theset of purported biometric data credentials of the user with the set ofcredentials associated with authorized users. In response to servermatching the set of purported biometric data credentials of the userwith the set of credentials associated with authorized users, theauthentication server grants access to the user to a virtual assistantprogram/application being executed on the electronic virtual assistantdevice. The user may then generate and transmit one or moreinstructions/requests using the virtual assistant program/applicationbeing executed on the electronic virtual assistant device. The requestmay include performing a money transfer from one account to anotheraccount. The virtual assistant program/application may then transmit theinstructions/requests to the authentication server. In some embodiments,the virtual assistant program/application may transmit theinstructions/requests to the analytic server along with accountinformation associated with the accounts of the user. The virtualassistant program/application may have access to all user data stored ina database or a cloud database. The authentication server may thenexecute the instructions/requests and performing the money transfer fromone account to another account. Upon the authentication serverperforming the money transfer from one account to another account, theanalytic server may then transmit a confirmation message correspondingto successful execution of the request to the virtual assistantprogram/application. The virtual assistant program/application may thentransmit the same confirmation message to the user or modify theconfirmation message and then transmit the modified conformation messageto the user.

The various illustrative logical blocks, modules, circuits, andalgorithm steps described in connection with the embodiments disclosedherein may be implemented as electronic hardware, computer software, orcombinations of both. To clearly illustrate this interchangeability ofhardware and software, various illustrative components, blocks, modules,circuits, and steps have been described above generally in terms oftheir functionality. Whether such functionality is implemented ashardware or software depends upon the particular application and designconstraints imposed on the overall system.

Embodiments implemented in computer software may be implemented insoftware, firmware, middleware, microcode, hardware descriptionlanguages, or any combination thereof. A code segment ormachine-executable instructions may represent a procedure, a function, asubprogram, a program, a routine, a subroutine, a module, a softwarepackage, a class, or any combination of instructions, data structures,or program statements. A code segment may be coupled to another codesegment or a hardware circuit by passing and/or receiving information,data, arguments, parameters, or memory contents. Information, arguments,parameters, data, etc. may be passed, forwarded, or transmitted via anysuitable means including memory sharing, message passing, token passing,network transmission, etc.

The actual software code or specialized control hardware used toimplement these systems and methods is not limiting of the subjectmatter. Thus, the operation and behavior of the systems and methods weredescribed without reference to the specific software code beingunderstood that software and control hardware can be designed toimplement the systems and methods based on the description herein.

When implemented in software, the functions may be stored as one or moreinstructions or code on a non-transitory computer-readable orprocessor-readable storage medium. The steps of a method or algorithmdisclosed herein may be embodied in a processor-executable softwaremodule, which may reside on a computer-readable or processor-readablestorage medium. A non-transitory computer-readable or processor-readablemedia includes both computer storage media and tangible storage mediathat facilitate transfer of a computer program from one place toanother. A non-transitory processor-readable storage media may be anyavailable media that may be accessed by a computer. By way of example,and not limitation, such non-transitory processor-readable media maycomprise RAM, ROM, EEPROM, CD-ROM or other optical disk storage,magnetic disk storage or other magnetic storage devices, or any othertangible storage medium that may be used to store desired program codein the form of instructions or data structures and that may be accessedby a computer or processor. Disk and disc, as used herein, includecompact disc (CD), laser disc, optical disc, digital versatile disc(DVD), floppy disk, and Blu-ray disc where disks usually reproduce datamagnetically, while discs reproduce data optically with lasers.Combinations of the above should also be included within the scope ofcomputer-readable media. Additionally, the operations of a method oralgorithm may reside as one or any combination or set of codes and/orinstructions on a non-transitory processor-readable medium and/orcomputer-readable medium, which may be incorporated into a computerprogram product.

While various aspects and embodiments have been disclosed, other aspectsand embodiments are contemplated. The various aspects and embodimentsdisclosed are for purposes of illustration and are not intended to belimiting, with the true scope and spirit being indicated by thefollowing claims.

What is claimed is:
 1. An authentication device comprising: a housingcomprising a top wall, a bottom wall positioned opposite to the topwall, and a lateral wall joined to and disposed between the top wall andthe bottom wall and extending around the housing; a recess on the topwall configured to receive at least a portion of an electronic virtualassistant device; and a fingerprint reader disposed on the lateral walland configured to receive a set of purported fingerprint datacredentials of a user of the electronic virtual assistant device forauthenticating the user.
 2. The authentication device according to claim1, wherein the housing has a frustoconical shape.
 3. The authenticationdevice according to claim 1, wherein the recess is configured to receivea housing of the electronic virtual assistant device to support theelectronic virtual assistant device and the authentication device. 4.The authentication device according to claim 1, wherein the fingerprintreader comprises one or more fingerprint sensors.
 5. The authenticationdevice according to claim 1, wherein the fingerprint reader isconfigured to communicate over a network with an authentication serverand an authentication database.
 6. The authentication device accordingto claim 5, wherein the authentication database is configured to store aset of fingerprint credentials associated with authorized users of theelectronic virtual assistant device.
 7. The authentication deviceaccording to claim 5, wherein the fingerprint reader is configured tocommunicate the set of purported fingerprint data credentials of theuser to the authentication server.
 8. The authentication deviceaccording to claim 7, wherein the authentication server transmitsauthentication status of the user to the electronic virtual assistantdevice based on processing of the purported fingerprint data credentialsof the user.
 9. The authentication device according to claim 1, whereinthe housing comprises a power charging adapter, the power chargingadapter comprises a charging body coupled to a power connector, and thepower connector is configured to be coupled to the electronic virtualassistant device.
 10. An authentication device comprising: a housingcomprising a top wall, a bottom wall positioned opposite to the topwall, and a lateral wall joined to and disposed between the top wall andthe bottom wall; a recess on the top wall and that is configured toreceive at least a portion of an electronic virtual assistant device; afingerprint reader disposed on the lateral wall and that is configuredto receive a set of purported fingerprint data credentials of a user ofthe electronic virtual assistant device for authenticating the user; anda power charging adapter disposed within the housing, the power chargingadapter comprising a charging body coupled to a power connector havingan elongated shape, the power connector is configured to couple to asocket of the electronic virtual assistant device, and the charging bodycomprising at least one charging contact enabling passing through ofpower charge from the housing to the charging body.
 11. Theauthentication device according to claim 10, wherein the housing has afrustoconical shape.
 12. The authentication device according to claim10, wherein the fingerprint reader comprises one or more fingerprintsensors.
 13. The authentication device according to claim 10, whereinthe fingerprint reader is in communication with an authentication serverand an authentication database, and wherein the authentication databasestores a set of fingerprint credentials associated with authorized usersof the electronic virtual assistant device.
 14. The authenticationdevice according to claim 13, wherein the fingerprint reader comprises aplug-in interface to communicate the set of purported fingerprint datacredentials of the user to the authentication server.
 15. Theauthentication device according to claim 14, wherein the authenticationserver transmits authentication status of the user to the electronicvirtual assistant device based on processing of the purportedfingerprint data credentials of the user.
 16. The authentication deviceaccording to claim 10, wherein the electronic virtual assistant deviceis a computerized voice assistant device, and wherein the computerizedvoice assistant device comprises a virtual assistant program.